Using a Bedrock Controller as a Secure Gateway in Legacy Systems

A Bedrock OSA® Remote controller provides strong cyber security capabilities when placed between the workstations running the SCADA platform and legacy PLCs. All data to and from the legacy PLC is first sent to the Bedrock OSA Remote controller. The Bedrock controller then communicates with the SCADA platform via a secure OPC UA or MQTT Sparkplug connection.

The true strength of this solution lies not only in the security, but also in the simplicity of the system. In many instances, there is absolutely no change required to the legacy PLCs. They continue to operate as before despite the change in network architecture. Only configuration of the Bedrock controller and changes to the SCADA system are required. However, if changes to a PLC are desired, users can leverage the software-defined port control on the Bedrock controller to enable a direct path from the workstation to the PLC, and then disable this path when their work is complete. This allows for added flexibility and diagnostic capabilities without compromising the system’s simplicity or security.

This is also an ideal way to start a phased upgrade program for aging PLCs. Frequently the Bedrock gateway controller can be installed as an upgrade to an existing PLC and support both the gateway function and the I/O and control functions of the legacy PLC it replaces. Where space permits and minimum disruption of operations is critical, the new controller can be installed next to the old PLC and the I/O and control functions can be cut over in small phases. Over time, the process can be repeated with the remaining legacy PLCs to complete the full system upgrade. As the new Bedrock controllers replace the legacy PLCs, they connect directly to the SCADA network. The data no longer needs to go through the Bedrock gateway controller. Depending on the amount of I/O required, a Bedrock OSA control system can also be used.

To learn more about this secure proxy solution and migration path from a legacy system to a secure Bedrock OSA® Remote platform, keep reading.

How to implement a Bedrock OSA Remote as a secure proxy

Initial Legacy System

The legacy installation shows a typical PLC/SCADA architecture.

Phase 1 – Secure Gateway

Install a Bedrock OSA Remote between the legacy PLC/SCADA and the HMI without having to disconnect I/O. The intrinsic security of the Bedrock OSA Remote now protects the legacy PLC/SCADA.

Phase 2 – Secure I/O

Migrate the I/O connections from a legacy PLC/SCADA to the Bedrock OSA Remote. The legacy PLC/SCADA can now be removed.

Phase 3 – Secure System

Continue to replace additional legacy PLC/SCADA until the entire control system is upgraded.